kallithea Changeset - be2b75779da3

Changeset - be2b75779da3

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 13 years ago 2013-05-12 19:19:33
marcin@python-works.com

Repository groups: super admin shouldn't have the permission set
when he creates a group. Super admins anyway can edit groups even without
explicit permissions set

1 file changed with 5 insertions and 3 deletions:

rhodecode/model/repos_group.py

0 comments (0 inline, 0 general)

rhodecode/model/repos_group.py

➞

Show inline comments

@@ @@ -95,108 +95,110 @@ class ReposGroupModel(BaseModel): @@
         """
         Renames a group on filesystem
         :param group_name:
         """
         if old == new:
             log.debug('skipping group rename')
             return
         log.debug('renaming repository group from %s to %s' % (old, new))
         old_path = os.path.join(self.repos_path, old)
         new_path = os.path.join(self.repos_path, new)
         log.debug('renaming repos paths from %s to %s' % (old_path, new_path))
         if os.path.isdir(new_path):
             raise Exception('Was trying to rename to already '
                             'existing dir %s' % new_path)
         shutil.move(old_path, new_path)
     def __delete_group(self, group, force_delete=False):
         """
         Deletes a group from a filesystem
         :param group: instance of group from database
         :param force_delete: use shutil rmtree to remove all objects
         """
         paths = group.full_path.split(RepoGroup.url_sep())
         paths = os.sep.join(paths)
         rm_path = os.path.join(self.repos_path, paths)
         log.info("Removing group %s" % (rm_path))
         # delete only if that path really exists
         if os.path.isdir(rm_path):
             if force_delete:
                 shutil.rmtree(rm_path)
             else:
                 #archive that group`
                 _now = datetime.datetime.now()
                 _ms = str(_now.microsecond).rjust(6, '0')
                 _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
                                           group.name)
                 shutil.move(rm_path, os.path.join(self.repos_path, _d))
     def create(self, group_name, group_description, owner, parent=None, just_db=False):
         try:
             user = self._get_user(owner)
             new_repos_group = RepoGroup()
-            new_repos_group.user = self._get_user(owner)
+            new_repos_group.user = user
             new_repos_group.group_description = group_description or group_name
             new_repos_group.parent_group = self._get_repo_group(parent)
             new_repos_group.group_name = new_repos_group.get_new_name(group_name)
             self.sa.add(new_repos_group)
             perm_obj = self._create_default_perms(new_repos_group)
             self.sa.add(perm_obj)
             #create an ADMIN permission for owner, later owner should go into
             #the owner field of groups
             #create an ADMIN permission for owner except if we're super admin,
             #later owner should go into the owner field of groups
             if not user.is_admin:
             self.grant_user_permission(repos_group=new_repos_group,
                                        user=owner, perm='group.admin')
             if not just_db:
                 # we need to flush here, in order to check if database won't
                 # throw any exceptions, create filesystem dirs at the very end
                 self.sa.flush()
                 self.__create_group(new_repos_group.group_name)
             return new_repos_group
         except Exception:
             log.error(traceback.format_exc())
             raise
     def _update_permissions(self, repos_group, perms_new=None,
                             perms_updates=None, recursive=False,
                             check_perms=True):
         from rhodecode.model.repo import RepoModel
         from rhodecode.lib.auth import HasUserGroupPermissionAny
         if not perms_new:
             perms_new = []
         if not perms_updates:
             perms_updates = []
         def _set_perm_user(obj, user, perm):
             if isinstance(obj, RepoGroup):
                 self.grant_user_permission(
                     repos_group=obj, user=user, perm=perm
+                )
             elif isinstance(obj, Repository):
                 #we do this ONLY IF repository is non-private
                 if obj.private:
                     return
                 # we set group permission but we have to switch to repo
                 # permission
                 perm = perm.replace('group.', 'repository.')
                 RepoModel().grant_user_permission(
                     repo=obj, user=user, perm=perm
+                )
         def _set_perm_group(obj, users_group, perm):
             if isinstance(obj, RepoGroup):
                 self.grant_users_group_permission(
                     repos_group=obj, group_name=users_group, perm=perm
+                )
             elif isinstance(obj, Repository):

0 comments (0 inline, 0 general)